apiVersion: kubeadm.k8s.io/v1alpha1
kind: MasterConfiguration
api:
  advertiseAddress: "{% if k8s_interface is defined %}{{hostvars[inventory_hostname]['ansible_'+k8s_interface].ipv4.address}}{% else %}{{hostvars[inventory_hostname]['ip']|default(hostvars[inventory_hostname]['ansible_default_ipv4']['address'])}}{% endif %}"
  bindPort: {{ kube_apiserver_port }}
etcd:
  endpoints:
{% for endpoint in etcd_access_addresses.split(',') %}
  - {{ endpoint }}
{% endfor %}
  caFile: /etc/kubernetes/ssl/etcd/ca.pem
  certFile: /etc/kubernetes/ssl/etcd/client.pem
  keyFile: /etc/kubernetes/ssl/etcd/client-key.pem
imageRepository: {{kube_image_repo}}
networking:
  dnsDomain: {{ dns_domain }}
  serviceSubnet: {{ kube_service_addresses }}
  podSubnet: {{ kube_pods_subnet }}
kubernetesVersion: {{ kube_version }}
token: {{ kubeadm_token }}
tokenTTL: "{{ kubeadm_token_ttl }}"
apiServerExtraArgs:
  insecure-bind-address: {{ kube_apiserver_insecure_bind_address }}
  insecure-port: "{{ kube_apiserver_insecure_port }}"
  admission-control: {{ kube_apiserver_admission_control[kube_version | string] | join(',') }}
  apiserver-count: "{{ kube_apiserver_count }}"
  service-node-port-range: {{ kube_apiserver_node_port_range }}
  storage-backend: {{ kube_apiserver_storage_backend }}
{% if kube_api_runtime_config is defined %}
  runtime-config: {{ kube_api_runtime_config | join(',') }}
{% endif %}
  allow-privileged: "true"
apiServerCertSANs:
{% for san in  apiserver_sans.split(' ') | unique %}
  - {{ san }}
{% endfor %}
